There are many phases to creating a wireless network, from planning to deploying. But concerns for your network don’t end there; beyond initial setup and deployment come management and security. One of the big monsters in network security is the end user, so security and network management begin with securing and managing who has access to your network.
Determining the Placement of Your Network Access Control
When choosing a method for Network Access Control (NAC), consider the following:
1. Level of security:
- User identity management versus just the computer’s identity.
2. Network infrastructure versus endpoint-based approach (server software on appliance versus network switch):
- Network-based systems boast better centralized control, easily set enterprise standards, and NAC protection for remote users accessing the VPN.
3. Depth of network monitoring:
- For endpoint security: Check the PC at login only, or continuously monitor it the whole time it’s on the network?
- Consider the lesser of two costs: NAC monitoring costs versus fix costs for malware or break-ins.
The most important part about crafting your NAC policy is
4. Vendor-provided solution, in-house API solutions or a mixture of the two:
- Depending on your organization’s needs, scan customization may be the only option if the vendor’s native solution does not suffice.
5. In case of data loss:
- The best protection happens before data loss, so consider disk encryption to prevent increased mobility from compromising sensitive data.
- Less obvious than the dangers of a misplaced or stolen laptop is data leakage. Guard against it with tools such as data fingerprinting and removable media monitoring or blocking.
6. Personal versus professional machines:
- To prevent the hazards of end users mixing work and play on work machines, desktop virtualization allows the creation of two mutually exclusive entities to prevent data leakage or movement.
7. Taking action:
- Just as catching a fish starts with it taking the bait and ends with you reeling it in, NAC is not effective unless endpoint security threats are dealt with properly and in a timely manner. Whether it’s through the vendor-provided NAC solution or an in-house patch management system, be sure that scanning is followed up with patching.
Now that you’re ready to go shopping, check out what your fellow IT Knowledge Exchange members recommend as great resources for building the ultimate network security and troubleshooting utility belt. From Wireshark to Tasklist to the ever-popular Spiceworks, there are plenty of options for securing your painstakingly planned and built network.